diff --git a/lib/user.js b/lib/user.js
index 8a4fd712..9b47a3e4 100644
--- a/lib/user.js
+++ b/lib/user.js
@@ -97,7 +97,7 @@ Volcanos("user", {help: "用户模块", agent: {
             var src = can.user.MergeURL(can, {_path: "/share/"+msg.Result()}, true)
             var ui = can.user.toast(can, {
                 title: can.page.Format("a", "/share?share="+msg.Result(), "share"),
-                content: can.page.Format("img", src+"/share"),
+                content: can.page.Format("img", src+"/share")+"<br/>"+can.user.MergeURL(can, {share: msg.Result()}, true),
                 button: ["close"], duration: 100000,
                 width: 300, height: 300,
             })
@@ -107,7 +107,7 @@ Volcanos("user", {help: "用户模块", agent: {
         var ui = can.user.input({clientX: 100, clientY: 100}, can, [
             {username: "username", name: "用户"},
             {password: "password", name: "密码"},
-            {button: ["登录", "扫码"]},
+            {button: ["登录", "扫码", "注册"]},
         ], function(event, button, data, list) {
             switch (button) {
                 case "登录": can.user.Cookie(can, "sessid", "")
@@ -117,6 +117,28 @@ Volcanos("user", {help: "用户模块", agent: {
                         }
                         can.user.alert("用户或密码错误")
                     })
+                    break
+                case "扫码":
+                    can.misc.WSS(can, {type: "chrome"}, function(event, msg, cmd, arg) { if (!msg) { return }
+                        if (cmd == "pwd") {
+                            can.user.share(can, can.request(event, {text: arg[0]}), ["action", "apply"])
+                            msg.Reply()
+                            return
+                        }
+                        if (cmd == "sessid") {
+                            can.user.Cookie(can, "sessid", arg[0])
+                            can.user.reload(true)
+                            return
+                        }
+                        can.run(event, ["search"].concat(msg["detail"]||[]), function(msg) {
+                            msg.Reply()
+                        })
+                    })
+
+                    return true
+                    break
+                case "注册":
+
                     break
             }
         })
diff --git a/panel/Header.js b/panel/Header.js
index def9f8f5..336f7f15 100644
--- a/panel/Header.js
+++ b/panel/Header.js
@@ -174,6 +174,11 @@ Volcanos("onaction", {help: "交互数据", list: [], _init: function(can, msg,
 
         can.onlayout.topic(can)
         can.user.isLocalFile? init(): can.run({}, ["check"], function(msg) {
+            if (msg.Option("type") == "apply" && msg.Option("name") == "") {
+                if (can.user.confirm("auth "+msg.Option("text"))) {
+                    can.run(event, ["action", "auth", "share", can.user.Search(can, "share")])
+                }
+            }
             msg.Result()? init(): msg.Option("sso")? can.user.jumps(msg.Option("sso")): can.user.login(can, init)
         })
     },